General
- Target: 0458b8e5d1cde56d5920c8db855f6534_JaffaCakes118
- Size: 19.8MB
- Sample: 240428-er876afg84
- MD5: 0458b8e5d1cde56d5920c8db855f6534
- SHA1: 19040be4f7d1bed1b19b2e8b3d8756caec2a1db3
- SHA256: d2556e86c6a81adb27f6ddd42c5d0d0ed1f9b3e492fd5dae44e571adba3c04b7
- SHA512: 91f5d4c684e6848ca5da1024d3e6675f6a066725e045cb10876fb631e1194e6e31e7c1f5988bea5637e7526b913266bba12d7629c36aa0020504af11e8c41f20
- SSDEEP: 393216:dFgRavDllzWEyzPpe4hsFgRavDllzWEyzPpe4h:zvDllLyTlhYvDllLyTlh
Behavioral task
behavioral1
- Sample: 0458b8e5d1cde56d5920c8db855f6534_JaffaCakes118.exe
- Resource: win7-20240215-en
Malware Config
Targets
- Target: 0458b8e5d1cde56d5920c8db855f6534_JaffaCakes118
- Size: 19.8MB
- MD5: 0458b8e5d1cde56d5920c8db855f6534
- SHA1: 19040be4f7d1bed1b19b2e8b3d8756caec2a1db3
- SHA256: d2556e86c6a81adb27f6ddd42c5d0d0ed1f9b3e492fd5dae44e571adba3c04b7
- SHA512: 91f5d4c684e6848ca5da1024d3e6675f6a066725e045cb10876fb631e1194e6e31e7c1f5988bea5637e7526b913266bba12d7629c36aa0020504af11e8c41f20
- SSDEEP: 393216:dFgRavDllzWEyzPpe4hsFgRavDllzWEyzPpe4h:zvDllLyTlhYvDllLyTlh
Signatures
- Detect Blackmoon payload
- XMRig Miner payload
- Sets file execution options in registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
MITRE ATT&CK Matrix (ATT&CK v13)
Privilege Escalation
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Boot or Logon Autostart Execution (2)
  - Registry Run Keys / Startup Folder (2)